ClawHub
Back to skill
v1.0.0

Bulletproof Memory 1.0.0

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:20 AM.

Analysis

This memory skill is coherent and has no code, but it tells the agent to automatically save user details into persistent files and reuse them across sessions without asking each time.

GuidanceInstall only if you intentionally want persistent local memory. Before using it, define what must never be saved, where memory files live, how long they are kept, how to review/delete them, and that saved memory should not override current user instructions.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
If the user provides a concrete detail ... 1. You MUST update `SESSION-STATE.md` IMMEDIATELY 2. You MUST write to the file BEFORE you generate your response

The skill instructs the agent to mutate a workspace file automatically based on user input, before responding, without requiring explicit approval for each write.

User impactOrdinary conversation details may be written into local project memory files automatically, including details the user did not intend to preserve.
RecommendationUse only in workspaces where persistent memory is desired, and add clear rules for what may be saved, when to ask first, and how to delete or disable saved memory.
Rogue Agents
SeverityLowConfidenceHighStatusNote
SKILL.md
Add WAL Protocol to AGENTS.md

Adding the protocol to AGENTS.md makes the memory behavior persist as part of the agent's ongoing operating instructions, which is expected for this skill but important for users to notice.

User impactThe behavior can continue in later sessions until the user removes or changes the AGENTS.md instructions.
RecommendationDocument the installed instructions clearly and include an easy removal or opt-out procedure.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Every Session
Before doing anything else:
1. Read `SESSION-STATE.md` ...
2. Read your identity files (SOUL.md, USER.md, etc.)
3. Read `memory/YYYY-MM-DD.md` (today + yesterday) ...

Don't ask permission. Just do it.

The skill directs the agent to automatically read and trust persistent memory, identity, and daily-note files at the start of every session, creating risk from stale, sensitive, or poisoned stored context.

User impactPrivate or outdated notes can influence future agent behavior, and malicious or mistaken content in those files could be reused across tasks.
RecommendationKeep memory files in a controlled location, review them regularly, avoid storing secrets, and add instructions that memory content is context to verify rather than commands to obey.